prevent shmget from allocating objects that overflow ptrdiff_t

rather than returning an error, we have to increase the size argument so high that the kernel will have no choice but to fail. this is because POSIX only permits the EINVAL error for size errors when a new shared memory segment would be created; if it already exists, the size argument must be ignored. unfortunately Linux is non-conforming in this regard, but I want to keep the code correct in userspace anyway so that if/when Linux is fixed, the behavior applications see will be conforming.

prevent shmget from allocating objects that overflow ptrdiff_t
rather than returning an error, we have to increase the size argument so high that the kernel will have no choice but to fail. this is because POSIX only permits the EINVAL error for size errors when a new shared memory segment would be created; if it already exists, the size argument must be ignored. unfortunately Linux is non-conforming in this regard, but I want to keep the code correct in userspace anyway so that if/when Linux is fixed, the behavior applications see will be conforming.
17aef0b4 · Rich Felker · 062f40ef · 17aef0b4
隐藏空白更改
内联并排

Showing with 2 addition and 0 deletion

src/ipc/shmget.c src/ipc/shmget.c +2 -0

未找到文件。
--- a/src/ipc/shmget.c
+++ b/src/ipc/shmget.c
 #include <sys/shm.h>
+#include <stdint.h>
 #include "syscall.h"
 #include "ipc.h"

 int shmget(key_t key, size_t size, int flag)
 {
+	if (size > PTRDIFF_MAX) size = SIZE_MAX;
 #ifdef SYS_shmget
 	return syscall(SYS_shmget, key, size, flag);
 #else